1996-04-05 - Re: software with “hooks” for crypto
Header Data
From: Howard Melman <melman@osf.org>
To: cypherpunks@toad.com
Message Hash: 4aca47eae1fbe4259b3865dd6cbd8520959b5d53573c93e48f87bedde48d3c99
Message ID: <9604041614.AA04108@absolut.osf.org.osf.org>
Reply To: <2.2.32.19960403145406.0034a4d4@labg30>
UTC Datetime: 1996-04-05 00:26:48 UTC
Raw Date: Fri, 5 Apr 1996 08:26:48 +0800
Raw message
From: Howard Melman <melman@osf.org>
Date: Fri, 5 Apr 1996 08:26:48 +0800
To: cypherpunks@toad.com
Subject: Re: software with "hooks" for crypto
In-Reply-To: <2.2.32.19960403145406.0034a4d4@labg30>
Message-ID: <9604041614.AA04108@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain
On Wed Apr 3, 1996, John Deters wrote:
> At 02:31 PM 4/2/96 -0800, you wrote:
> >Hello all,
> >
> >I'm trying to figure out exactly what the laws are regarding the export of
> >software which contains "hooks" for PGP. In various forms, I've heard
> >that it's not the ITAR which prevents this, but more a "suggestion" by
> >the NSA that we "shouldn't do it." Does anyone have any pointers to
> >real legislation/laws regarding this?
>
> There are a number of "PGP Helpers" (If this is Tuesday, it must be PGP) out
> there. These are other PGP front end applications such as Private Idaho,
> PGPShell and others that do NOT include PGP, nor do they contain any
> encryption code within them. These applications are all billed as "freely
> exportable". If your software does not contain any encryption code, such
> that it simply "invokes" the users separately-obtained-and-installed copy of
> PGP, you are not in violation of ITAR. It sounds like this is what you're
> doing with your "hooks for PGP".
I am not a lawyer.
Hooks to encryption code have *sometimes* been considered
"ancillary devices" and as such are in violation of ITAR.
Calling another executable like pgp *might* be less of an
issue than having source code hooks that call crypto library
routines, but maybe not. (And no I don't understand why
they would be different)
NCSA had something related to this in their use of PEM/PGP
in httpd. See some info at:
http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html
which says:
Note: As of NCSA HTTPd 1.4.1, support for PEM/PGP encryption
was removed in order to bring NCSA in compliance with the
Internation Treaty on Arms Reduction to which the United
States of America is a signatory. We hope to have an
improved version available with NCSA HTTPd 1.5 from an
export controlled server.
In sum, check with a lawyer.
Howard
Thread
Return to April 1996
- Return to “Howard Melman <melman@osf.org>”
Return to “John Deters <jad@dsddhc.com>”
- 1996-04-03 (Wed, 3 Apr 1996 06:54:19 -0800 (PST)) - Re: software with “hooks” for crypto - John Deters <jad@dsddhc.com>
- 1996-04-05 (Fri, 5 Apr 1996 08:26:48 +0800) - Re: software with “hooks” for crypto - Howard Melman <melman@osf.org>